Salesagility: >> Suitecrm Security Vulnerabilities
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-03-20
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-03-16
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4).
CVSS Score
9.8
EPSS Score
0.004
Published
2020-03-16
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).
CVSS Score
9.8
EPSS Score
0.004
Published
2020-03-16
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).
CVSS Score
9.8
EPSS Score
0.004
Published
2020-03-16
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).
CVSS Score
9.8
EPSS Score
0.004
Published
2020-03-16
SuiteCRM through 7.11.11 allows PHAR Deserialization.
CVSS Score
7.2
EPSS Score
0.005
Published
2020-02-13
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-02-13
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
CVSS Score
9.8
EPSS Score
0.01
Published
2020-02-13
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-02-13